This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
A remote web application is vulnerable to a persistent cross-site
The remote web server hosts Struts2-rest-showcase, a demonstration
application for the Struts2 framework. Input passed via the
'clientName' parameter to the 'orders' page is not properly sanitized,
which allows arbitrary HTML and script code to be stored by the
application and executed in a user's browser when that user visits
the 'orders' page.
See also :
Remove or restrict access to the Struts2-rest-showcase application.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true